wordpress tip: secure your wordpress blogs

  • fris
    Too lazy to set a custom title
    • Aug 2002
    • 55679

    #1

    wordpress tip: secure your wordpress blogs

    Hackers are people too.

    Unfortunately, they're the wrong type of people; the ones who'll look for
    ways to break a site and suck all your hard work into oblivion, all
    because their imaginary girlfriend dumped them for a PlayStation 3 while
    they were busy zapping goblins with their level 32 Warlock.

    If you're using the latest version of WordPress, you're already more
    secure than many, but there are still ways to be safer.

    Use these 5 tips to keep your self-hosted WordPress site safe. Note: most
    of these tips apply to general web development too.

    1. Protect your plugin directory

    Showing which plugins you have installed can expose an exploit in an
    outdated plugin, and is an easy target for hackers to gain access to your
    site or even worse your server.

    Solution:

    Create an index.html file and upload it to your /wp-content/plugins/
    directory.

    2. Don't expose your WordPress version

    It's best to remove your WordPress version string from your theme.

    If you let people know what version you are running, you can be an easy
    target if you are running an older version of WordPress.

    Solution:

    Look for and remove this line from your theme's header.php file.

    Code:
    <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

    3. Protect your WordPress files from search engines.

    It's best if you don't have any of your core WordPress files indexed by
    search engines.

    Solution: add the following to your robots.txt

    Code:
    User-agent: *
    Disallow: /wp-*

    4. Protect your WordPress admin folder.

    Limiting your WordPress admin by IP address will give anyone but you or
    any staff members access to your admin.

    If any unauthorized people try to access your admin, they will be sent a
    403 Forbidden error.

    Solution: add a .htaccess to your /wp-admin directory (not your root)

    Code:
    order deny,allow
    deny from all
    # allow by IP address
    allow from 216.17.172.11
    # allow by domain
    allow from .fris.sprint.ca

    5. Permissions, Permissions, Permissions.

    Using the correct permissions on your WordPress install is a must,
    especially if you are on a shared server.

    All your folder permissions should be set to 755, and files should be set
    to 644.

    Alternatively, if you want to edit your theme in the WordPress editor, use
    666.

    Never use 777 for WordPress permissions; if you do, you're letting all
    users on the server do what they want with the site.

    On a shared or badly configured server this can mean chaos.

    ---

    On another note I found this password manager that is free and I use it
    daily. It has been mentioned on NBC, and PC Magazine.

    They have a desktop version and a web version

    http://www.passpack.com/en/home/



    Sorry if it was long, but it's important.

    Last edited by fris; 01-12-2009, 03:58 AM.
    Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.
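The five tips in the post above, carried out as one POSIX shell script. This is an added example and is not code from the original post or from the linked article; the install path, the theme name "default", the environment variables WP_ROOT, WP_THEME and WP_ALLOW, and the documentation address 203.0.113.10 are placeholders. Beyond the post, it writes the Apache 2.4 `Require ip` form of the allow-list next to the 2.2 `Order/Deny/Allow` form (Apache 2.4 without mod_access_compat ignores the old directives), adds the `User-agent` line a robots.txt group needs, and ends with an audit that fails if anything under the tree is still world-writable.

```sh
#!/bin/sh
# Added example (not from the original post): apply the five tips to a
# WordPress install and audit the result. WP_ROOT/WP_THEME/WP_ALLOW, the
# theme name "default" and the address 203.0.113.10 are placeholders.

# Tip 1: an index.html in wp-content/plugins stops a directory listing from
# revealing which (possibly outdated) plugins are installed.
wp_protect_plugins() {
    mkdir -p "$1/wp-content/plugins"
    [ -e "$1/wp-content/plugins/index.html" ] || : > "$1/wp-content/plugins/index.html"
}

# Tip 2: remove the generator <meta> line from the theme's header.php.
wp_strip_generator() {
    hdr="$1/wp-content/themes/$2/header.php"
    [ -f "$hdr" ] || return 0
    grep -v 'name="generator"' "$hdr" > "$hdr.tmp" || true  # grep exits 1 if no lines remain
    mv "$hdr.tmp" "$hdr"
}

# Tip 3: keep core files out of search-engine indexes. A Disallow line only
# counts inside a group, so the User-agent line is required.
wp_write_robots() {
    printf 'User-agent: *\nDisallow: /wp-*\n' > "$1/robots.txt"
}

# Tip 4: allow-list /wp-admin by client address. Apache 2.2 uses
# Order/Deny/Allow as in the post; Apache 2.4 uses Require ip, so both forms
# are written under IfModule guards. Refuses to write an empty allow-list,
# which would lock nobody out.
wp_restrict_admin() {
    root="$1"; shift
    [ "$#" -ge 1 ] || return 1
    mkdir -p "$root/wp-admin"
    {
        echo '<IfModule mod_authz_core.c>'
        for addr in "$@"; do echo "    Require ip $addr"; done
        echo '</IfModule>'
        echo '<IfModule !mod_authz_core.c>'
        echo '    Order deny,allow'
        echo '    Deny from all'
        for addr in "$@"; do echo "    Allow from $addr"; done
        echo '</IfModule>'
    } > "$root/wp-admin/.htaccess"
}

# Tip 5: 755 on directories, 644 on files, never 777.
wp_fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Audit: exit 0 only when nothing under the tree is world-writable (-perm -002).
wp_audit_perms() {
    [ -z "$(find "$1" -perm -002 -print)" ]
}

# Run all five steps; the exit status is the audit result.
wp_harden() {
    root="$1"; theme="$2"; shift 2
    wp_protect_plugins "$root"
    wp_strip_generator "$root" "$theme"
    wp_write_robots "$root"
    wp_restrict_admin "$root" "$@"
    wp_fix_perms "$root"
    wp_audit_perms "$root"
}

# Nothing runs unless WP_ROOT is set, e.g.:
#   WP_ROOT=/var/www/wordpress WP_THEME=default WP_ALLOW="203.0.113.10" sh harden.sh
if [ -n "${WP_ROOT:-}" ]; then
    # WP_ALLOW is intentionally word-split into one address per word
    wp_harden "$WP_ROOT" "${WP_THEME:-default}" ${WP_ALLOW:-203.0.113.10}
fi
```

Run it against a copy first: `wp_fix_perms` rewrites every mode under the tree, and as post #34 below notes, a restrictive .htaccess in /wp-admin can break caching plugins that expect to be reached from the web server's own address, so add that address to the allow-list or skip that step.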
  • Libertine
    sex dwarf
    • May 2002
    • 17860

    #2
    Great post!
    /(bb|[^b]{2})/

    Comment

    • StaceyJo
      Confirmed User
      • Mar 2008
      • 8960

      #3
      Very nice post. Thanks. I bookmark this.
      /_______ WebCashMaker ______\
      | _TeenageDecadence - Young Board Naked Teens. |
      | ____ NonNudeGirls - Female Puberty Photos. ____ |
      | _ HerSelfPics - The ORIGINAL exGF SelfPic site. __ |
      \.______ xPosing - Wife Photosharing site. _______./

      Comment

      • Nicky
        Too lazy to set a custom title
        • Mar 2003
        • 30071

        #4
        Good stuff as always Fris

        gfynicky @ gmail.com

        Comment

        • tranza
          ICQ: 197-556-237
          • Jun 2003
          • 57559

          #5
          Great tip man!
          I'm just a newbie.

          Comment

          • CIVMatt
            Amateur Pimpin
            • Aug 2004
            • 13075

            #6
            Thanks Fris, good info
            Make easy money with Webcams

            Comment

            • LiveDose
              Show Yer Tits!
              • Feb 2002
              • 25792

              #7
              Bump for good info.

              Scammer Alert: acer19 acer [email protected] [email protected] Money stolen using PayPal

              Comment

              • alias
                aliasx
                • Apr 2001
                • 19010

                #8
                ninja tips
                https://porncorporation.com

                Comment

                • Sosa
                  In Tushy Land
                  • Oct 2002
                  • 40149

                  #9
                  good stuff fris

                  Comment

                  • AtlantisCash
                    Confirmed User
                    • Dec 2005
                    • 3179

                    #10
                    Originally posted by fris

                    fris!,

                    For a few days I have been thinking of contacting you about something.

                    May I get your ICQ?
                    Girls' phone numbers
                    |
                    Phone sex chat

                    Comment

                    • fris
                      Too lazy to set a custom title
                      • Aug 2002
                      • 55679

                      #11
                      icq: 704-299
                      Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.

                      Comment

                      • Ethersync
                        Confirmed User
                        • Mar 2008
                        • 5289

                        #12
                        Great advice. I wish I could set this to auto-subscribe to all threads you start
                        The best ePassporte replacement I have found: OKPAY

                        Comment

                        • qxm
                          Confirmed User
                          • Jul 2006
                          • 5970

                          #13
                          u deserve rep for this ...lol ... good post m8

                          ICQ: 266990876

                          Comment

                          • Sarah_Jayne
                            Now with more Jayne
                            • Dec 2002
                            • 40077

                            #14
                            a nice one once again

                            Comment

                            • Axel XXX
                              Confirmed User
                              • Aug 2002
                              • 6924

                              #15
                              Great post
                              CCBill Sponsors // ccbillsponsors.com // Your #1 Source for CCBill Sponsors!

                              Comment

                              • kmanrox
                                aka K-Man
                                • Oct 2001
                                • 29295

                                #16
                                hey frissy, stop plagiarizing and start posting reference links to the places you're scraping content from


                                http://wordprezzie.com/wordpress-security-tips/
                                Crypto HODLr
                                Crypto mining
                                Angel investor

                                Comment

                                • dav3
                                  Confirmed User
                                  • May 2007
                                  • 7348

                                  #17
                                  thank you wordpress ninja!
                                  Webmasters :: Juicy Ads :: ACWM :: Crak Revenue :: Money Tree

                                  Comment

                                  • TyroneGoldberg
                                    Confirmed User
                                    • Sep 2007
                                    • 1081

                                    #18
                                    good tips and will use...

                                    thanks

                                    Comment

                                    • DutchTeenCash
                                      I like Dutch Girls
                                      • Feb 2003
                                      • 21684

                                      #19
                                      great post thanks

                                      ICQ 16 91 547 - SKYPE dutchteencash
                                      bob AT dutchteencash DOT com
                                      ... did you see our newest Sweet Natural Girl Priscilla (18)?

                                      Comment

                                      • fris
                                        Too lazy to set a custom title
                                        • Aug 2002
                                        • 55679

                                        #20
                                        Originally posted by kmanrox
                                        hey frissy, stop plagiarizing and start posting reference links to the places you're scraping content from


                                        http://wordprezzie.com/wordpress-security-tips/
                                         I never said I wrote it, I'm just gathering information for people to use.

                                         But thanks for pointing out that I should have linked that article.

                                        Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.

                                        Comment

                                        • seeric
                                          ..........
                                          • Aug 2004
                                          • 41917

                                          #21
                                          thanks man.

                                           didn't have the disallow wp- part

                                          now i do.

                                          good lookin out.

                                          Comment

                                          • kush
                                            Confirmed User
                                            • Feb 2001
                                            • 3382

                                            #22
                                            Great tips to implement!

                                            Comment

                                            • Itchy
                                              Datetronix.com
                                              • Jan 2001
                                              • 6525

                                              #23
                                               I know, I'm changing things up on my blogs. Thanks for the great tips.


                                              ICQ: 2588560
                                              Skype: Pornocop

                                              Comment

                                              • Altheon
                                                Confirmed User
                                                • May 2004
                                                • 506

                                                #24
                                                I'd go with RoboForm in lieu of PassPack. With Roboform you keep the passwords on your local machine. I think people are way too trusting of these web apps.

                                                Comment

                                                • HomerSimpson
                                                  Too lazy to set a custom title
                                                  • Sep 2005
                                                  • 13826

                                                  #25
                                                  finally a useful post!
                                                  Make a bank with Chaturbate - the best selling webcam program
                                                  Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!!

                                                  PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email:

                                                  Comment

                                                  • Supz
                                                    Arthur Flegenheimer
                                                    • Jul 2006
                                                    • 11057

                                                    #26
                                                    This is an awesome post.

                                                    Comment

                                                    • wizzart
                                                      scriptmaster
                                                      • May 2006
                                                      • 5246

                                                      #27
                                                      very good tips
                                                      BimboZone

                                                      Comment

                                                      • JTCash
                                                        Confirmed User
                                                        • Apr 2008
                                                        • 127

                                                        #28
                                                        That is useful! Thank you!
                                                        JTCash.com Teens Ratio 1:237
                                                        My18Teens & MyTeenVideo
                                                        ICQ 221725975

                                                        Comment

                                                        • Toni_N
                                                          Confirmed User
                                                          • Oct 2004
                                                          • 3511

                                                          #29
                                                          great tips
                                                          GFY regular.

                                                          Comment

                                                          • TyroneGoldberg
                                                            Confirmed User
                                                            • Sep 2007
                                                            • 1081

                                                            #30
                                                            bump as i found out i fucked up on a certain part....

                                                            Comment

                                                            • Nookster
                                                              Confirmed IT Professional
                                                              • Nov 2005
                                                              • 3744

                                                              #31
                                                               Good post for those who do not know.
                                                              The Best Affiliate Software, Ever.

                                                              Comment

                                                              • gimme-website
                                                                Confirmed User
                                                                • Jun 2008
                                                                • 1589

                                                                #32
                                                                Important yet so simple. Thank you for excellent tips!
                                                                www.gimme-website.com

                                                                Comment

                                                                • V_RocKs
                                                                  Damn Right I Kiss Ass!
                                                                  • Nov 2003
                                                                  • 32449

                                                                  #33
                                                                   Were you reading my source code again?

                                                                  Comment

                                                                  • Altheon
                                                                    Confirmed User
                                                                    • May 2004
                                                                    • 506

                                                                    #34
                                                                    Just a warning!!!

                                                                    If you use .htaccess to restrict access to the WordPress directory and you are running Super Cache or one of the other cache plugins your site will be messed up. So you may want to skip that step.

                                                                    Comment
